On Sun, Sep 2, 2012 at 6:58 PM, Sigbjorn Lie <sigbj...@nixtra.com> wrote:
> On 09/02/2012 04:37 PM, Natxo Asenjo wrote:
>
> One thing I have not yet gotten to work is that these changes are not
> persistent across reboots. The ldapclient config stays, but the service
> ldap/client does not start (stays disabled) and nsswitch.conf misses the
> ldap entries. So far I am fixing this from cfengine (gotta love it).
>
> So apparently, for Solaris 10 and newer versions, the procedure outlined
> in http://freeipa.com/page/ConfiguringSolarisClients is no longer
> necessary as far as the ldap client is concerned.
>
>
> I'm using Nexenta as an IPA client, another derivative of OpenSolaris. I
> use a DUAProfile with ldapclient. This stays configured and the ldap/client
> service is enabled across reboots.
>
>
> There is a DUAProfile included by default with IPA, but it requires some
> tweaking to support more than just the basic features. See this bugzilla
> for a more comprehensive example:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=815515
>

ok, looks nice. I did not know about this automatic config tool.

So if I run

ldapclient init -a profileName=default kdc.ipa.asenjo.nx

it should work. Yes it does, awesome.

Unfortunately, it keeps stopping after a reboot:

[ Sep 2 20:05:19 Enabled. ]
[ Sep 2 20:05:31 Executing start method ("/lib/svc/method/ldap-client start"). ]
[ Sep 2 20:05:38 Method "start" exited with status 0. ]
[ Sep 2 20:05:38 Stopping because service disabled. ]
[ Sep 2 20:05:38 Executing stop method ("/lib/svc/method/ldap-client stop"). ]
[ Sep 2 20:05:38 Method "stop" exited with status 0. ]

> There is also some more info about configuring Solaris clients in this
> bugzilla:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=815533
>
>
> The ldap/client service is enabled when you run the ldapclient script.
> There should be no need for doing this manually. When you run ldapclient,
> run it with the -v flag and look for errors.
>

I have rerun ldapclient after running ldapclient uninit and saw no errors.

> After a reboot, what does "svcs -xv ldap/client" output?
>

# svcs -xv ldap/client
svc:/network/ldap/client:default (LDAP client)
 State: disabled since September 2, 2012 08:05:38 PM CEST
Reason: Temporarily disabled by an administrator.
   See: http://illumos.org/msg/SMF-8000-1S
   See: man -M /usr/share/man -s 1M ldap_cachemgr
   See: /var/svc/log/network-ldap-client:default.log
Impact: This service is not running.

But I have not temporarily disabled it (option -t to svcadm, I believe).

> Are the services it depends on in online state? "svcs -d ldap/client"
>

# svcs -d ldap/client
STATE          STIME    FMRI
online         19:51:58 svc:/system/filesystem/minimal:default
online         19:51:59 svc:/network/initial:default
online         19:52:10 svc:/network/location:default

> What does /var/svc/log/network-ldap-client:default.log display after a
> reboot?
>

see above.

> What files do you have in /var/ldap?
>

ls -l /var/ldap/
total 7
-rw-r--r-- 1 root root 2368 2012-09-02 15:28 cachemgr.log
-r-------- 1 root root  100 2012-09-02 11:16 ldap_client_cred
-r-------- 1 root root  371 2012-09-02 11:16 ldap_client_file
drwxr-xr-x 2 root root    4 2012-09-02 11:16 restore

> What is the content of the /var/ldap/ldap_client_file?
>

#
# Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
#
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= kdc.ipa.asenjo.nx
NS_LDAP_SEARCH_BASEDN= dc=ipa,dc=asenjo,dc=nx
NS_LDAP_AUTH= none
NS_LDAP_SEARCH_REF= TRUE
NS_LDAP_SEARCH_TIME= 15
NS_LDAP_PROFILE= default
NS_LDAP_SERVICE_SEARCH_DESC= passwd:cn=users,cn=accounts,dc=ipa,dc=asenjo,dc=nx
NS_LDAP_SERVICE_SEARCH_DESC= group:cn=groups,cn=compat,dc=ipa,dc=asenjo,dc=nx
NS_LDAP_BIND_TIME= 5
NS_LDAP_OBJECTCLASSMAP= shadow:shadowAccount=posixAccount

Thanks for your tips. I think there might just be something broken with the
ldap/client service in OpenIndiana.

This DUAProfile thing is really nice to use

--
natxo
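Added example, not part of the original message and not FreeIPA or OpenIndiana code: a shell function that scans an SMF service log in the format quoted above and reports every clean start that is followed shortly afterwards by "Stopping because service disabled.", which is the symptom described in the message. The function name, the 60-second default window and the output format are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. The function name, the default
# window and the output format are assumptions.

# Log lines as quoted in the message above.
SAMPLE_LOG='[ Sep  2 20:05:19 Enabled. ]
[ Sep  2 20:05:31 Executing start method ("/lib/svc/method/ldap-client start"). ]
[ Sep  2 20:05:38 Method "start" exited with status 0. ]
[ Sep  2 20:05:38 Stopping because service disabled. ]
[ Sep  2 20:05:38 Executing stop method ("/lib/svc/method/ldap-client stop"). ]
[ Sep  2 20:05:38 Method "stop" exited with status 0. ]'

# Read an SMF service log on stdin. Print one line for every successful
# start that is followed, with no other event in between and within
# $1 seconds (default 60) on the same day, by the "service disabled" stop.
# A stop long after the start (an ordinary admin disable) is not reported.
# Exit status: 1 if at least one such pair was found, 0 otherwise.
smf_start_then_disabled() {
    awk -v window="${1:-60}" '
        {
            # Strip the "[ ... ]" wrapper, then split "Mon D HH:MM:SS message".
            line = $0
            sub(/^\[ */, "", line); sub(/ *\] *$/, "", line)
            if (split(line, f, " ") < 4) next
            day = f[1] " " f[2]
            split(f[3], t, ":"); secs = t[1] * 3600 + t[2] * 60 + t[3]
            msg = line; sub(/^[^ ]+ +[^ ]+ +[^ ]+ +/, "", msg)
        }
        msg ~ /^Method "start" exited with status 0\./ {
            sday = day; ssecs = secs; stime = f[3]; armed = 1; next
        }
        msg ~ /^Stopping because service disabled\./ {
            if (armed && day == sday && secs >= ssecs && secs - ssecs <= window) {
                print day " start " stime " stopped " f[3]; hits++
            }
            armed = 0; next
        }
        # Any other event between the start and the stop breaks the pattern.
        { armed = 0 }
        END { exit (hits > 0) }
    '
}

# Demonstration on the quoted log; on a client the input would be
# /var/svc/log/network-ldap-client:default.log.
printf '%s\n' "$SAMPLE_LOG" | smf_start_then_disabled 60 ||
    echo "ldap/client was stopped right after a clean start" >&2
```

The non-zero exit status makes the function usable as a condition in a configuration-management or monitoring check.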